Edge Integration Cell on AWS
SAP Integration Suite – Edge Integration Cell (EIC) can be deployed on Amazon Web Services (AWS) to leverage its scalable infrastructure while maintaining secure and controlled execution in a customer-managed environment. This architecture combines AWS-native services with EIC’s hybrid capabilities, ensuring a seamless integration experience.
Architecture
Overview
Deploying EIC on AWS requires a secure, scalable, and resilient infrastructure that adheres to enterprise compliance and hybrid cloud best practices. This setup ensures that sensitive data stays within a private AWS environment while leveraging SAP Integration Suite in the cloud for design, monitoring, and lifecycle management.
AWS Setup
1. VPC and Networking
To ensure a secure and private execution environment, create a Virtual Private Cloud (VPC) with multi-AZ redundancy for high availability (HA).
-
Multi-AZ Deployment:
- Distribute your EIC components across three AWS Availability Zones (AZs) to ensure high availability. This setup helps maintain continuous service in case one AZ goes down, as the workload automatically fails over to another AZ.
-
Network Segmentation:
- Private Subnets: Deploy critical EIC runtime components in private subnets to prevent direct access from public internet.
- Public Subnets: These subnets are used for components like EC2-based bastion hosts or Network Load Balancers (NLB), which handle external traffic and distribute the load across different AZs.
-
Internet Access Control for EIC:
- NAT Gateways: NAT allow components in private subnets to securely access external services without exposing internal EIC workloads to the internet.
- Internet Gateway: For EIC runtime components that need outbound internet access, the Internet Gateway enables the necessary connectivity.
- Security Groups and Network ACLs: These are used to enforce strict access control, ensuring secure communication between EIC components.
2. Amazon EKS Cluster
EIC workloads require a containerized runtime, making Amazon Elastic Kubernetes Service (EKS) the preferred choice for managing and scaling integration flows.
-
Cluster Setup:
- The EKS control plane is fully managed by AWS, reducing operational overhead.
- Worker nodes are deployed in private subnets for enhanced security.
-
Security and Access Control:
- Use IAM roles for service accounts (IRSA) to grant least-privilege permissions to pods.
For sizing recommendations, refer to this SAP Note
3. Storage and Databases
EIC requires multiple storage solutions for transaction logs, runtime data, and caching.
-
Amazon RDS
- Amazon RDS provides a fully managed relational database for storing EIC runtime data.
- Amazon RDS for PostgreSQL is recommended for EIC.
- Enable RDS Multi-AZ replication for high availability.
-
Amazon ElastiCache
- Amazon ElastiCache helps reduce latency by caching frequently accessed EIC runtime data using Redis.
-
Amazon Elastic Block Store (EBS)
- Amazon EBS provides block storage for Kubernetes worker nodes with ReadWriteOnce (RWO) access, suitable for storing EIC application data.
-
Amazon Elastic File System (EFS)
- Amazon EFS provides shared file storage with ReadWriteMany (RWX) access, allowing multiple EIC runtimes to read and write data concurrently.
SAP Setup
1. Activate EIC in your SAP BTP Subaccount
- Activate Edge Integration Cell (EIC) in your SAP Business Technology Platform (BTP) subaccount.
- Assign the necessary roles to enable access to Edge Lifecycle Management (ELM) for managing and monitoring Edge nodes.
2. Configure a Technical User and Set Up SSO
- Create technical users (P-User and S-User) to interact with the SAP systems and to access SAP repository based shipment channel.
- Set up Single Sign-On (SSO) for secure repository access, including monitoring and logging.
3. Add an Edge Node and Bootstrap to Kubernetes
- Add an Edge Node in Edge Lifecycle Management (ELM) and bootstrap it to your Amazon EKS cluster running in your private AWS landscape.
Resources
You can find detailed, step-by-step instructions for both the basic and high availability (HA) setup, including SAP and AWS configuration and deployment steps, in the following GitHub repository:
Deploy SAP Integration Suite - Edge Integration Cell on Amazon Web Services
Recommendation
The architecture and setup instructions in the GitHub repository above outline a small production deployment. Since deployments vary depending on business needs, these recommendations should be treated as a starting point.